Emotet, one of the most potent malware families in circulation, has been found with a new propagation capability that is expected to affect a large number of users: according to the report, it breaks into nearby Wi-Fi networks to reach new victims. Emotet has been used in numerous botnet-driven spam campaigns and as a delivery mechanism for ransomware.
It is regarded as one of the most dangerous malware families on the internet. In the latest campaign it discovers a nearby Wi-Fi network, connects to it, and then scans that network for connected devices, which it attempts to infect in turn. According to the cybersecurity firm Binary Defense, the module had been active for close to two years without being noticed: the campaign was only discovered last month, even though the spreader binary carries a timestamp of 16 April 2018.
According to the report, the upgraded capability means that devices in close proximity to an already infected machine can now be infected from it. Attackers have repeatedly upgraded their existing tooling with new strategies to get past current defences, which is why firms need to treat cybersecurity with real seriousness.
Image Source: www.techxplore.com
Emotet was first identified by researchers in 2014. The malware has evolved considerably in a short time, moving from banking Trojan to downloader and information stealer. It has also been used as a spam bot and as a delivery mechanism for ransomware. It is mostly delivered by email in phishing campaigns; one report describes how an employee of a company ended up downloading the Emotet Trojan, the TrickBot Trojan and the Ryuk ransomware after clicking a link in an email.
According to the researchers, the newly discovered spreader first uses the Windows WLAN API (wlanAPI.dll) to enumerate nearby wireless networks and extract each network's SSID, signal strength, authentication method (for example WPA2-PSK) and encryption method (for example AES or TKIP). Note that the encryption field describes how the network's traffic is protected, not how passwords are stored. With this information the malware attempts to join the network by brute force, trying passwords from one of two internal password lists.
If a connection attempt fails, the next password on the list is tried. Once a connection succeeds, the malware connects the compromised system to the newly accessed network and enumerates all non-hidden network shares on it. The process does not end there.
A second brute-force attack is then launched against the user accounts of systems on that network to obtain usernames and passwords. When it succeeds, a payload named "service.exe" is installed on the newly compromised remote system. The process is designed to be hard to detect: the payload installs itself as a service named "Windows Defender System Service" to blend in with legitimate software. It then acts as a dropper, executing the Emotet binary on the host and communicating with the command-and-control server, according to the report.
Emotet is dangerous and should not be taken lightly. The new module lets it jump from one Wi-Fi network to the next, so companies running open Wi-Fi networks or networks protected by weak pre-shared keys are at particular risk from this campaign. Individuals and organisations should protect their networks with strong, unique passphrases on WPA2 or WPA3 (never WEP) to stand a chance against this malware.
The researchers note that Emotet can be detected by continuously monitoring for processes running from temporary folders, and likewise for processes running from the user profile's application data folders (AppData).
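The fields the spreader reads from the WLAN API (authentication method, encryption method) and the wordlist brute force it runs are exactly what an administrator should audit on their own saved networks. The following is an added example, not code from the article or from Binary Defense: it parses the XML that `netsh wlan export profile key=clear folder=<dir>` writes for each saved Wi-Fi profile and flags open networks, WEP, TKIP, WPA1 and passphrases that a small wordlist would recover. The sample profiles and the wordlist are constructed here for illustration; the `profile_xml` helper only exists to build them.

```python
"""Audit exported Windows WLAN profiles for the properties a Wi-Fi spreader
targets: authentication method, encryption method and passphrase strength.

Input is the XML written by `netsh wlan export profile key=clear folder=<dir>`
(one file per saved network).  The profiles and wordlist below are constructed
for this example and are not data from the Emotet campaign.
"""
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

# Constructed stand-in for an attacker's internal password list.  A genuine
# audit would load a large leaked-password list here instead.
WORDLIST = {"password", "12345678", "qwertyui", "admin123", "letmein1"}


def _text(root, path, default=""):
    """findtext() with the profile namespace applied and whitespace stripped."""
    value = root.findtext(path, default=default, namespaces=NS)
    return (value or default).strip()


def audit_profile(xml_text):
    """Return {"name", "authentication", "encryption", "findings", "weak"} for one profile."""
    root = ET.fromstring(xml_text)
    name = _text(root, "w:name", "?")
    auth = _text(root, "w:MSM/w:security/w:authEncryption/w:authentication")
    enc = _text(root, "w:MSM/w:security/w:authEncryption/w:encryption")
    protected = _text(root, "w:MSM/w:security/w:sharedKey/w:protected", "true").lower()
    key = root.findtext("w:MSM/w:security/w:sharedKey/w:keyMaterial",
                        default=None, namespaces=NS)

    findings = []
    if enc == "none":
        findings.append("open network: no password needed to join")
    if enc == "WEP" or auth == "shared":
        findings.append("WEP: key recoverable from captured frames")
    if enc == "TKIP":
        findings.append("TKIP: deprecated cipher, use AES (CCMP)")
    if auth in ("WPA", "WPAPSK"):
        findings.append("WPA (v1): deprecated, use WPA2-PSK/AES or WPA3-SAE")
    # Only an export made with key=clear carries the passphrase in plaintext.
    if key is not None and protected == "false":
        if key.lower() in WORDLIST:
            findings.append("passphrase is in the wordlist: online brute force succeeds")
        elif len(key) < 12:
            findings.append("passphrase under 12 characters: offline cracking of the handshake is feasible")
    return {"name": name, "authentication": auth, "encryption": enc,
            "findings": findings, "weak": bool(findings)}


def profile_xml(name, auth, enc, key=None):
    """Build a netsh-style profile.  Constructed helper for the sample data only."""
    shared = ""
    if key is not None:
        shared = ("<sharedKey><keyType>passPhrase</keyType><protected>false</protected>"
                  f"<keyMaterial>{key}</keyMaterial></sharedKey>")
    return (
        '<?xml version="1.0"?>'
        '<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">'
        f"<name>{name}</name><SSIDConfig><SSID><name>{name}</name></SSID></SSIDConfig>"
        "<connectionType>ESS</connectionType><connectionMode>auto</connectionMode>"
        "<MSM><security><authEncryption>"
        f"<authentication>{auth}</authentication><encryption>{enc}</encryption>"
        "<useOneX>false</useOneX></authEncryption>"
        f"{shared}</security></MSM></WLANProfile>"
    )


# Constructed sample profiles: an open hotspot, a WEP printer network,
# a WPA2 network with TKIP and a wordlist passphrase, and a sound WPA2/AES one.
SAMPLE_PROFILES = [
    profile_xml("CafeFree", "open", "none"),
    profile_xml("OldPrinter", "open", "WEP", "A1B2C3D4E5"),
    profile_xml("Office-Legacy", "WPA2PSK", "TKIP", "password"),
    profile_xml("Office", "WPA2PSK", "AES", "Tq7!mvR2#pLw9xE4"),
]


def audit_all(profiles):
    """Audit a list of profile XML strings."""
    return [audit_profile(p) for p in profiles]


if __name__ == "__main__":
    for r in audit_all(SAMPLE_PROFILES):
        status = "WEAK" if r["weak"] else "ok"
        print(f'{r["name"]:<14} {r["authentication"]:<8} {r["encryption"]:<5} {status}')
        for f in r["findings"]:
            print("   -", f)
```

Run it against a directory of real exports by reading each file into `audit_all`. The 12-character threshold is a judgement call: WPA2-PSK passphrases are attacked offline once a handshake has been captured, so length and unpredictability matter more than the online brute force the article describes.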
After operating for a while, Emotet went quiet and then returned in September 2019 with a geographically targeted email campaign that used financial themes to lure targets into opening a malicious link or downloading a malicious document attachment.
Image Source: www.trishtech.com
The report concludes that the new loader type adds a new threat vector to Emotet's capabilities: it can spread through nearby wireless networks, and the assessment is that this is most effective against networks with weak or no passwords.
New malware families keep emerging and older ones are upgraded by their developers. However effective the malware, much of its success still depends on the negligence of its targets. It is always advisable to patch security flaws, set strong passwords and enable two-factor authentication wherever possible. None of these is a silver bullet, but together they lower the attacker's success rate.
Source: The Hacker News
Disclaimer: Darkweblink.com does not promote or endorse claims made by any parties in this article. The information provided here is for general purposes only and is not intended to promote or support the purchase and/or sale of any products or services, or to serve as a recommendation to do so. Neither Darkweblink.com nor any of its members is responsible, directly or indirectly, for any loss or damage caused or alleged to be caused by or in relation to reliance on or use of any content, goods or services mentioned in this article.